US government employees fall victim to massive phishing attacks: hackers use legitimate remote access tools

January 27, 2023  14:19

Employees of the US Departments of Treasury, Justice, and Homeland Security have been subjected to massive phishing attacks. The hackers behind the attacks used perfectly legitimate remote access tools.

As TechCrunch reports, citing the US Cybersecurity and Infrastructure Security Agency (CISA), the attack consisted of several phases. In the first phase, the hackers sent potential victims emails containing phishing links, posing as well-known companies such as Amazon and Microsoft. Posing as representatives of these companies, the hackers even called some of the victims and asked them not to ignore the email and to be sure to follow the link.

When the victims clicked on the link, they were prompted to install additional software, which was actually a remote access tool giving the hackers control of the victim's computer. Interestingly, these hackers used perfectly legitimate software such as AnyDesk and ConnectWise Control.

Once on the victims' computers, the hackers also gained access to vast amounts of data, including bank statements, which they falsified in order to steal money from the victims.

In this particular attack, the hackers did not try to steal important data, but only wanted to make money. However, hackers can use the same kind of attack to steal data, including data of national importance.

The bad news is that most users around the world are still not cybersecurity literate and easily fall prey to such scams. Interestingly, according to data from Ernst & Young, younger employees are actually more irresponsible when it comes to their company's cybersecurity than their middle-aged and even older colleagues, although one would expect the opposite.

